CN109543369B - DEX protection method - Google Patents

Info

Publication number: CN109543369B
Authority: CN (China)
Prior art keywords: source code, dex, smali, language, file
Legal status: Active
Application number: CN201811410423.5A
Other languages: Chinese (zh)
Other versions: CN109543369A (en)
Inventor: 姚伟涛
Current Assignee: Hangzhou Zhexin Information Technology Co ltd
Original Assignee: Hangzhou Zhexin Information Technology Co ltd

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10: Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12: Protecting executable software
    • G06F21/14: Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Devices For Executing Special Programs (AREA)

Abstract

The invention discloses a DEX protection method comprising the following steps: the DEX file to be protected is decompiled into smali source code; the source code that needs protection within the smali source code is converted into C language source code; the smali source code that was converted is then modified into a call to the C language function; the converted C language source code is obfuscated and compiled to generate a so file; finally, the modified smali source code is built into a protected DEX file. The so file and the protected DEX file together implement the functionality of the DEX file before protection. The beneficial effect of the invention is that source code conversion is used to convert the code in the DEX file into source code of another language, which hides the DEX code and thereby protects the DEX file.

Description

DEX protection method
Technical Field
The invention relates to the technical field of information security, in particular to a DEX protection method.
Background
DEX protection means protecting DEX by technical means so that, as far as possible, the code in it cannot be stolen, modified or decompiled. Because Android is open source, decompilation of DEX cannot be prevented, and decompiling a DEX file outputs smali source code, so the main purpose of DEX protection is to prevent the code from being stolen and modified. Current DEX protection technologies mainly include the following:
1. Code obfuscation: an obfuscation tool rewrites the class names and variable names of the code into a custom format, which makes the source code harder to read after the DEX is decompiled; this is easily done with ProGuard;
2. DEX self-check: an integrity check of the DEX is added to the DEX code in order to prevent modification;
3. DEX hiding: the DEX code is hidden to prevent it from being stolen and modified; this method needs an agent to remain in the APK, and at run time the agent releases the hidden DEX code and loads it for execution;
4. DEX structural deformation: the DEX file structure is used to extract instructions and replace them with nop instructions, and at run time the extracted instructions are filled back in before the code executes, which prevents the code from being stolen and modified.
Among the existing DEX protection technologies, code obfuscation and self-checking leave the DEX file completely exposed, so they are easily broken and offer essentially no protection in the current technical environment. The core idea of DEX hiding and structural deformation is concealment, but concealed does not mean gone: these techniques only raise the difficulty of cracking, and once a cracker finds where the code is hidden, the code is completely exposed.
Disclosure of Invention
To solve the above problems, the present invention aims to provide a DEX protection method that mainly addresses DEX hiding and makes the original DEX code truly disappear, so that the code cannot be stolen or modified.
The invention provides a DEX protection method, which comprises the following steps:
step 101: decompiling the DEX file to be protected into smali source code;
step 102: converting the source code that needs protection within the smali source code into C language source code;
step 103: modifying the smali source code that was converted in step 102 into a call to the C language function;
step 104: obfuscating and compiling the converted C language source code to generate a so file;
step 105: building the smali source code modified in step 103 into a protected DEX file.
As a further improvement of the invention, in step 101 the DEX file to be protected is decompiled into smali source code using apktool.
As a further improvement of the invention, in step 102 the source code of the methods that need protection in the smali source code is converted into C language source code, but the attribute definitions in the Java class must be kept, and the source code of the attribute definitions must not be modified.
As a further improvement of the present invention, step 102 specifically includes:
step S1, performing lexical analysis on the source code to be protected in the smali source code, decomposing the smali instructions, removing comments and code irrelevant to the logic, and parsing out the constants, labels, instruction operators, registers and other entries of the smali syntax;
step S2, classifying the results of step S1 and performing syntax analysis;
step S3, generating C language source code according to the syntax analysis result and the context.
The beneficial effect of the invention is that source code conversion is used to convert the code in the DEX file into source code of another language, which hides the DEX code and thereby protects the DEX file.
Drawings
Fig. 1 is a flowchart of a method for protecting a DEX file according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail below with reference to specific embodiments and with reference to the attached drawings.
As shown in Fig. 1, a DEX protection method according to an embodiment of the present invention includes the following steps:
step 101: decompiling the DEX file to be protected into smali source code;
step 102: converting the source code that needs protection within the smali source code into C language source code;
step 103: modifying the smali source code that was converted in step 102 into a call to the C language function;
step 104: obfuscating and compiling the converted C language source code to generate a so file;
step 105: building the smali source code modified in step 103 into a protected DEX file.
The DEX is disassembled into smali source code, and the smali source code is converted into C language source code to hide the code; moving the code from the DEX into a so file changes the carrier of the code.
Further, the DEX file to be protected is decompiled into smali source code using apktool.
Further, the source code of the methods that need protection in the smali source code is converted into C language source code.
Further, step 102 specifically includes: step S1, performing lexical analysis on the source code to be protected in the smali source code, decomposing the smali instructions, removing comments and code irrelevant to the logic, and parsing out the constants, labels, instruction operators, registers and other entries of the smali syntax; step S2, classifying the results of step S1 and performing syntax analysis. For example, for the single smali instruction "add-int v0, v1, v2", step S1 generates 4 entries, namely add-int, v0, v1 and v2; after syntax analysis, the 4 entries are recombined into "v0 = v1 + v2;" for use in subsequent steps; and step S3, generating C language source code according to the syntax analysis result and the context.
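Steps S1 to S3 applied to a few integer instructions, added here as an illustration and not taken from the patent or from any product of the assignee; it goes beyond the single add-int instruction in the text by also handling a label, a branch and a constant load. The opcode subset, the constructed sample smali, the helper names (lex, classify, to_c, translate) and the plain int signature without JNI plumbing are assumptions; _native_add is the name used in the page's own add example.

```python
import re

# Constructed sample (not from the patent): smali for an int method that
# adds its two parameters and clamps a negative result to zero.
SAMPLE_SMALI = """\
.method public add(II)I
    .registers 4
    # add the two int parameters
    add-int v0, p1, p2
    if-ltz v0, :neg
    return v0
    :neg
    const/4 v0, 0x0
    return v0
.end method
"""

BINOPS = {"add-int": "+", "sub-int": "-", "mul-int": "*"}  # assumed opcode subset
KINDS = [("label", r":\w+"), ("register", r"[vp]\d+"),
         ("constant", r"-?(0x[0-9a-fA-F]+|\d+)")]

def lex(smali):
    """Step S1: drop comments and '.' directives, split instructions into entries."""
    insns = []
    for line in smali.splitlines():
        line = line.split("#", 1)[0].strip()  # safe here: subset has no string literals
        if line and not line.startswith("."):
            insns.append([t for t in re.split(r"[,\s]+", line) if t])
    return insns

def classify(entry):
    """Step S2: classify one entry as label, register, constant or opcode."""
    return next((k for k, pat in KINDS if re.fullmatch(pat, entry)), "opcode")

def to_c(insn):
    """Step S3: recombine one classified instruction into a C statement."""
    op, args = insn[0], insn[1:]
    kinds = [classify(a) for a in args]
    if classify(op) == "label":
        return f"{op[1:]}:;"
    if op in BINOPS and kinds == ["register"] * 3:
        return f"{args[0]} = {args[1]} {BINOPS[op]} {args[2]};"
    if op.startswith("const") and kinds == ["register", "constant"]:
        return f"{args[0]} = {args[1]};"
    if op == "if-ltz" and kinds == ["register", "label"]:
        return f"if ({args[0]} < 0) goto {args[1][1:]};"
    if op == "return" and kinds == ["register"]:
        return f"return {args[0]};"
    raise ValueError(f"unsupported instruction: {' '.join(insn)}")

def translate(smali, name, params):
    """Wrap the translated body in a C function; v-registers become int locals."""
    insns = lex(smali)
    local_regs = sorted({t for i in insns for t in i if re.fullmatch(r"v\d+", t)})
    lines = [f"int {name}({', '.join('int ' + p for p in params)}) {{"]
    if local_regs:
        lines.append(f"    int {', '.join(local_regs)};")
    lines += ["    " + to_c(i) for i in insns] + ["}"]
    return "\n".join(lines)
```

Calling translate(SAMPLE_SMALI, "_native_add", ["p1", "p2"]) returns the C function text; any instruction outside the subset raises ValueError instead of being silently dropped.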
The so file and the protected DEX file together implement the functionality of the DEX file before protection. When the protected DEX file is attacked, the attacker cannot see the original smali source code, because all the protected smali source code has been replaced by call entries into the so file. For example, take the Java source code public int add(int a, int b) { return a + b; }: before protection, an attacker can easily read and modify it; after protection, the source code becomes public int add(int a, int b) { return _native_add(a, b); }, and the attacker no longer knows what the source code does, nor can it be modified.
The invention protects DEX by DEX hiding: the code in the DEX is converted into source code of another language. The bytecode in the DEX can also be converted directly into another language, without first disassembling it into smali source code, to achieve the same hiding effect.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (2)

1. A method for protecting a DEX file, characterized by comprising the following steps:
step 101: decompiling the DEX file to be protected into smali source code;
step 102: converting the source code of the methods that need protection in the smali source code into C language source code, comprising the following steps:
step S1, performing lexical analysis on part of the source code in the smali source code, decomposing the smali instructions, removing comments and code irrelevant to the logic, and parsing out the constants, labels, instruction operators, registers and other entries of the smali syntax;
step S2, classifying the results of step S1 and performing syntax analysis;
step S3, generating C language source code according to the syntax analysis result and the context;
step 103: modifying the smali source code that was converted in step 102 into a call to the C language function;
step 104: obfuscating and compiling the converted C language source code to generate a so file;
step 105: building the smali source code modified in step 103 into a protected DEX file.
2. The method for protecting a DEX file according to claim 1, wherein in step 101 the DEX file to be protected is decompiled into smali source code using apktool.
CN201811410423.5A 2018-11-23 2018-11-23 DEX protection method Active CN109543369B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811410423.5A CN109543369B (en) 2018-11-23 2018-11-23 DEX protection method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811410423.5A CN109543369B (en) 2018-11-23 2018-11-23 DEX protection method

Publications (2)

Publication Number Publication Date
CN109543369A (en) 2019-03-29
CN109543369B (en) 2022-03-25

Family

ID=65849566

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811410423.5A Active CN109543369B (en) 2018-11-23 2018-11-23 DEX protection method

Country Status (1)

Country Link
CN (1) CN109543369B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111274551B (en) * 2019-12-30 2023-06-27 上海上讯信息技术股份有限公司 Compiler-based java code protection method and device and electronic equipment

Citations (6)

Publication number Priority date Publication date Assignee Title
CN104463002A (en) * 2014-12-24 2015-03-25 北京奇虎科技有限公司 APK reinforcing method and device and APK reinforcing client and server
CN106326694A (en) * 2016-08-30 2017-01-11 北京鼎源科技有限公司 Android application reinforcing method based on C source code mixing
CN106599628A (en) * 2016-12-08 2017-04-26 合肥康捷信息科技有限公司 Python byte code file protection method based on module hook
CN106650341A (en) * 2016-11-18 2017-05-10 湖南鼎源蓝剑信息科技有限公司 Android application reinforcement method based on the process confusion technology
CN106778103A (en) * 2016-12-30 2017-05-31 上海掌门科技有限公司 Reinforcement means, system and decryption method that a kind of Android application program anti-reversing is cracked
CN108733988A (en) * 2017-04-19 2018-11-02 北京洋浦伟业科技发展有限公司 The guard method of executable program on Android platform

Family Cites Families (4)

Publication number Priority date Publication date Assignee Title
US20080250231A1 (en) * 2007-04-03 2008-10-09 Kabushiki Kaisha Toshiba Program code conversion apparatus, program code conversion method and recording medium
WO2014142430A1 (en) * 2013-03-15 2014-09-18 주식회사 에스이웍스 Dex file binary obfuscation method in android system
EP3057019A1 (en) * 2015-02-13 2016-08-17 Thomson Licensing Method and device for protecting an application and method and device for executing a protected application thus protected
CN108681457B (en) * 2018-05-11 2020-09-01 西北大学 Android application program protection method based on code sinking and residual code interpretation

Also Published As

Publication number Publication date
CN109543369A (en) 2019-03-29

Similar Documents

Publication Publication Date Title
CN106599628B (en) A kind of Python byte code files guard method based on module hook
KR101490047B1 (en) Apparatus for tamper protection of application code based on self modification and method thereof
CN108681457B (en) Android application program protection method based on code sinking and residual code interpretation
CN108363911B (en) Python script obfuscating and watermarking method and device
CN104463002A (en) APK reinforcing method and device and APK reinforcing client and server
CN106126981B (en) Software security means of defence based on the replacement of virtual function table
US8090959B2 (en) Method and apparatus for protecting .net programs
KR101521765B1 (en) Apparatus For Code Obfuscation Using Indistinguishable Identifier Conversion and Method Thereof
CN107992723A (en) A kind of Java protection of source codes methods based on dynamic link library
CN103413075B (en) A kind of method and apparatus of protecting JAVA executable program by virtual machine
CN109684794B (en) Code protection virtual machine KVM system realization method, device, computer equipment and storage medium
CN108733988A (en) The guard method of executable program on Android platform
CN104866734B (en) A kind of guard method of DEX file and device
KR101234591B1 (en) Method for Anti-Encoding Android by Using Java Native Interface
CN103927164B (en) A kind of script obscures method and system
CN112163195B (en) Virtual machine software protection method based on stack hiding
CN103177199A (en) Webpage application code protective method and system, and executive speed-up method and system
CN109948308A (en) Code security guard method, device, electronic equipment and computer readable storage medium
CN106778100B (en) Obfuscation compiling method and obfuscation compiler based on android platform and IOS platform
CN105718765A (en) Method for achieving code obfuscation through finite automaton
CN104298534A (en) Programming method and device based on Lua language
CN109543368B (en) Cross-platform source code virtualization protection method based on intermediate language interpreter
CN110059456A (en) Code protection method, code protection device, storage medium and electronic equipment
CN109543369B (en) DEX protection method
CN112214736A (en) Code encryption method and related assembly

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant